Need tech support - MOM issues with agent push

thrasherfox

I am receiving the following error:

The MOM Server failed to open service control manager on computer
servername.LOCAL.COM.
Therefore, the MOM Server cannot complete configuration of agent on the
computer.
Operation: Agent Install
Install account: domain\account
Error Code: 800706BA
Error Description: The RPC server is unavailable.


I have already checked out MS Technet and seems like a lot of people are having this problem (gee imagine that, a problem with a MS product) and I have not seen any productive answers.

Microsoft tech support sucks.


Has anyone experienced any similar problems with running a MOM or a SCE?
 

Server 2003 and WIN XP SP2 and SP3 WS

I already ran the mom prerequisite checker and everything comes back good.

I made sure AV is turned off and I disabled the firewall (after I tried it with the firewall enabled first)

it does have a FQDN and is registered properly in DNS. I can ping both the IP and the FQDN

I am using the Domain admin account to push the agent.

I have two other computers that it worked on fine (they were new and added as soon as they were booted up). Now that I have put the server into service I am trying to add the pre-existing work stations (these workstations have been in service for over a year and were configured as stand alone systems with a focus on security using an NSA INF template)
 
Just a guess here, I'm not an MS weenie
Could it be a timing or clock sync issue?
 
ok dumb question probably, but these are "XP Pro" installs? logged on as local admin?

time within 5 minutes of server (per above)

could be one of the security settings that were added is at issue..

I think this should put security setting back to default (you should have a back up of system if you think you will want the old settings back..) this is per MS:

How to reset security settings back to the defaults

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
 
just don't PUSH your MOM around. it's not polite :laugh:

my money's on DNS/IP networking also. any OTHER firewalls across your backend possibly blocking something? is your sniffer handy?
 
Ron, try this:

Yeah, I have had the same problem trying to automatically install the agent on our DMZ machines. Sounds like the server he wants to manage is behind a firewall that’s blocking full RPC access. He can either just manually install the agent off the OpsMgr CD or he can troubleshoot the firewall issues. If he is using ISA, here’s some help:

Forefront TMG (ISA Server) Product Team Blog : RPC Filter and "Enable strict RPC compliance"

Specifically, he needs to create an access rule and then:

After creating the rule, right-click it and select Configure RPC Protocol. On the Protocol tab, clear Enable strict RPC compliance.

This will force ISA to pass the DCOM traffic that needs to be passed for WMI to work correctly. To test this, open Computer Management from the Ops Mgr server, connect to the remote server, and go to Properties on WMI Control (under Services and Applications) to verify it connects. It should say “Successfully Connected” if the firewall is passing the traffic correctly.
 
GEEEEEKS!!!! :rofl:

Geek!! do I look like a geek!!! :banghead:

:smileyexhibit:

 

I keep thinking it is an RPC issue.

I don't have any firewalls set up. It is an internal LAN. I have made sure that the firewalls are disabled on the computers. No DMZs.

Right now I am setting the security settings back to stock (figured I would use a term Jules can relate to :poke: ) :laugh: ahem.. anyway.

I think I am starting to hate Microsoft..

I am trying everything you all have advised so far, including making sure the date and time were correct.


:banghead::banghead:
 
Omar bats pretty good average at these issues... I have more than a couple notes from his posts :)


*(when all else fails, I re-image the workstation) :rofl: cureall/fixall
 


Yeah, the re-image thing keeps popping up into the back of my head. In the end that might be the best solution.

I had to do the same thing with my SCE server, spent over 12 hours with MS tech support, his name was Bill or Chad but he sure sounded like he was from India.

Anyway, Chad couldn't help me and I just whacked the server, re-installed and it worked
 

I know it is usually overkill but I gotta save time where I can some days and it is just better for me to walk away, let the box re-image and then just bring it back on the network...

sort of a sledgehammer fix when the right tack hammer would be much better... I am just not always good at finding the right tack hammer :)

Omar has bailed me out a couple times :whistle:
 
I'm sure you saw this already

SUMMARY

This article describes the security rights that are necessary for Microsoft Operations Manager (MOM) 2000.

MORE INFORMATION

To Install Agents

To install agents by using an automatic or "Push" installation requires certain rights and permissions on the local agent:
• The MOM service account, which Setup defines, is used to install the agent. To install agents, the Agent Manager account must have access to the Microsoft Windows NT Security Event Log, access to administrative shares, and read and write access to the registry for each agent.
• After the agent is installed, the agent runs under the security context of the local system. This is an important point because scripts are run from the agent under that security context. It is possible to run scripts at the Database-Consolidator-Agent Manager (DCAM) level, and therefore run scripts under the MOM Service Account context.
• The agent communicates back to the DCAM by means of Microsoft Windows Sockets API, and there are no security context concerns. Communications are encrypted by default and use the Diffie-Hellman Encryption method to secure communications between the agent and the DCAM.

MOM Server

The MOM Server requires that certain User Rights are granted to the Service account for installation. Those rights are:
• Log on as a Service.
• Log on as a Batch Process.
• Act as Part of the Operating System.
• Create a Token Object.
In addition, the MOM Service account must be part of the local administrators group on the server.

Throughout installation, the following local groups are created on the MOM Server.
• OnePointOp ConfgAdms
• OnePointOp Operators
• OnePointOp Reporting
• OnePointOp System
• OnePointOp Users
These groups are local groups to the MOM Server. If you want to grant permissions to users to view or work with the MOM Server then you need to add the users from the domain that the users belong to. By using the different groups, you define the level of security permission that the users have:
• OnePointOp ConfgAdms are able to configure the MOM Server and apply changes to the Global Settings.
• OnePointOp Operators are able to monitor events and alerts and to resolve them.
• OnePointOp Reporting enables users access to the reporting tool.
• OnePointOp System is the system level group membership.
• OnePointOp Users enables users basic connection to the MOM Server and should be granted to all users that access the MOM Server.
 
And the winner is....










MR. BISCUIT!!! :thumbsup:

I had a feeling it was a security setting, especially since it worked on newly setup computers but not the ones that have been in service for over a year.

Trying to figure out what security policy or registry entry I had made that might have caused it was like trying to find a needle in a haystack.

I ran the secedit routine to put it back to default and it worked!!! My SCE server immediately saw it and pulled it into the collective!! :laugh:

Thanks everyone for all the input and help. It amazes me that I am finding this site provides the best computer tech support over my other sources, like I don't know.. MICROSOFT!!!! AHHHHHH
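
The thread works through the push failure one guess at a time (ping, firewall, WMI Control, then a full secedit reset). As an added example that is not part of the original posts, this Windows PowerShell script checks each channel an agent push relies on, so the one a hardening template has closed shows up by name. The target name is the placeholder from the error message, and using the RemoteRegistry service as the Service Control Manager probe is an assumption.

```powershell
# Added example (not from the thread). Run in Windows PowerShell on the management
# server, as the account used for the push. The target name is a placeholder.
param([string]$Computer = 'servername.LOCAL.COM')

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function New-Result([string]$Check, [bool]$Passed, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

function Test-AgentPushPath([string]$Target) {
    # 1. Network reachability: RPC endpoint mapper (135) and SMB (445).
    foreach ($port in 135, 445) {
        $open = Test-TcpPort $Target $port
        New-Result "TCP $port" $open $(if ($open) { 'reachable' } else { 'blocked or not listening' })
    }
    # 2. Administrative share, listed in the KB text as required for a push install.
    $share = Test-Path ('\\{0}\ADMIN$' -f $Target) -ErrorAction SilentlyContinue
    New-Result 'ADMIN$ share' $share $(if ($share) { 'accessible' } else { 'not accessible' })

    # 3. Remote Service Control Manager, the call that failed in the thread.
    #    800706BA is the HRESULT form of Win32 error 1722 (RPC server unavailable);
    #    sc.exe reports the Win32 code as its exit code.
    $scOut = & sc.exe ('\\{0}' -f $Target) query RemoteRegistry
    $code = $LASTEXITCODE
    if ($code -eq 0) {
        $detail = ((@($scOut) -match 'STATE') -join ' ').Trim()
    } else {
        $detail = 'Win32 error {0}: {1}' -f $code, (New-Object ComponentModel.Win32Exception $code).Message
    }
    New-Result 'Service Control Manager' ($code -eq 0) $detail

    # 4. WMI over DCOM, the same path the thread tests through WMI Control.
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Target -ErrorAction Stop
        New-Result 'WMI (DCOM)' $true $os.Caption
    } catch { New-Result 'WMI (DCOM)' $false $_.Exception.Message }
}

Test-AgentPushPath $Computer | Format-Table Check, Passed, Detail -AutoSize
```

Running it against a workstation that accepts the push and one that does not gives a row-by-row difference to compare against the applied security template.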
 